A study commissioned for Microsoft found that cyber security incidents have a potential economic loss of $29 billion annually — equivalent to almost 2 per cent of Australia’s GDP.
And with more than half (55 per cent) of Australian firms surveyed having suffered a cyber breach in the first five months of 2018 alone, the effects are being widely felt.
“The number of organisations that have experienced a cyber security incident, although large, is not particularly surprising given the increased rate of cyber security attacks we’re seeing annually,” said Tom Daemen, Microsoft’s director of corporate, legal and external affairs.
“However, the finding that one in five Australian businesses are not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.”
Concerns around security are causing many businesses to put digital transformation plans on the backburner, with two-thirds of surveyed firms admitting they have put projects on ice.
“The fact that two-thirds of Australian organisations are putting off digital transformation efforts is concerning, when you consider that digital transformation is expected to contribute A$45 billion to Australia’s economy by 2021,” Mr Daemen said.
Rather than cancel or postpone digital projects and processes, Mr Daemen said that a more proactive approach to security was needed, both to reduce the risk of attack as well as the fear surrounding potential losses.
“Data management needs to be prioritised in the boardroom as a strategic focus. Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is — and push forward with digital transformation initiatives,” he said.
In May this year, network security firm ForeScout slammed businesses for being laissez-faire about their security updates.
Marking a year since the WannaCry ransomware crippled businesses and organisations worldwide (although Australia got off comparatively lightly), the firm’s chief product officer Rob Greer warned that “many organisations still don’t regularly patch their systems or even know where their endpoint and devices are”.
Mandatory data breach reporting rules are now in effect, which cover most businesses and industries — particularly those with large amounts of sensitive data such as the health sector.